Critical Remote Code Execution Vulnerability in Genian NAC Allows Attackers to Execute Arbitrary Code with SYSTEM Privileges

Critical Remote Code Execution Vulnerability in Genian NAC Allows Attackers to Execute Arbitrary Code with SYSTEM Privileges

CVE-2021-26622 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

An remote code execution vulnerability due to SSTI vulnerability and insufficient file name parameter validation was discovered in Genian NAC. Remote attackers are able to execute arbitrary malicious code with SYSTEM privileges on all connected nodes in NAC through this vulnerability.

Learn more about our Web Application Penetration Testing UK.